| commit | 52a84cab3bb49e459a20306dd35707a880d7a1bc | [log] [tgz] |
|---|---|---|
| author | Theodore Ts'o <[email protected]> | Tue May 22 20:15:24 2018 |
| committer | ChromeOS Commit Bot <[email protected]> | Fri Jun 29 18:44:41 2018 |
| tree | ffa7b787b727e774b72e8ff39c01f42432f95c2e | |
| parent | 41a9c1aaf252c00eff91cadc2649ce19d7cbaac0 [diff] |
UPSTREAM: ext4: do not allow external inodes for inline data commit 117166efb1ee8f13c38f9e96b258f16d4923f888 upstream. The inline data feature was implemented before we added support for external inodes for xattrs. It makes no sense to support that combination, but the problem is that there are a number of extended attribute checks that are skipped if e_value_inum is non-zero. Unfortunately, the inline data code is completely e_value_inum unaware, and attempts to interpret the xattr fields as if it were an inline xattr --- at which point, Hilarty Ensues. This addresses CVE-2018-11412. https://bugzilla.kernel.org/show_bug.cgi?id=199803 BUG=chromium:857017 TEST=Run image through ext4 file system tests Change-Id: I65d201d0ba3a03ce5ff98bfe45d394c857f82cac Reported-by: Jann Horn <[email protected]> Reviewed-by: Andreas Dilger <[email protected]> Signed-off-by: Theodore Ts'o <[email protected]> Fixes: e50e5129f384 ("ext4: xattr-in-inode support") Cc: [email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Reviewed-on: https://chromium-review.googlesource.com/1120875 Reviewed-by: Guenter Roeck <[email protected]> Commit-Queue: Guenter Roeck <[email protected]> Tested-by: Guenter Roeck <[email protected]>